Proof-of-concept (PoC) code has now been publicly released for a flaw that Secunia rated “extremely critical,” potentially leaving untold millions of Microsoft Internet Explorer users at risk.
The Microsoft Internet Explorer JavaScript window() DoS vulnerability was originally reported at the end of May.
The flaw could potentially allow a malicious remote user to trigger a
denial of service (DoS) by way of a JavaScript onload event that calls the window() function.
“Contrary to popular beliefs, the aforementioned security issue is susceptible to remote,
arbitrary code execution, yielding full system access with the privileges of
the underlying user,” according to security firm Computer Terrorism.
To back up its point and ultimately put millions of users at risk of
attack, Computer Terrorism has posted proof-of-concept code that demonstrates how
easy it is to compromise an IE user’s fully patched PC.
Johannes Ullrich of the SANS Internet Storm Center (ISC) noted that the
flaw allows arbitrary executables to be run without user
interaction.
Computer Terrorism’s PoC demo will launch a calculator
(calc.exe), though Ullrich commented that there is also a version that will
allow a user to open a remote shell.
As a result of the publicly available PoC, security news aggregator
Secunia has upped its assessment of the flaw to extremely critical, its
highest security warning level.
IE users are being advised to disable JavaScript on non-trusted sites
until a patch is released.
A Microsoft spokesperson confirmed that the company is aware of new public
reports of a possible vulnerability in IE for customers
running Windows 2000 SP4 and Windows XP SP2.
According to the spokesperson, customers running Windows Server 2003 and Windows Server 2003 SP1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.
“We have also been made aware of proof of concept code that could seek to
exploit the reported vulnerability, but are not aware of any customer impact
at this time,” the spokesperson said. “But Microsoft will continue investigating these public
reports.”
Once the investigation is completed, the spokesperson said that Microsoft
will take the appropriate action to protect its customers, which may include
providing a fix through its monthly release process or issuing a security
advisory, depending on customer needs.